According to the Nigeria Data Protection Commission, there has been a rise in the scrutiny of the licensees of the National Identity Management Commission following a breach of data protection protocols on the website “expressverify,” which unauthorizedly accessed National Identification Number verification credentials.
These details were revealed in a statement shared on the official NDPC account on Friday.
Reports indicated that the website had unrestricted access to NINs and personal information of Nigerians registered in the NIMC-managed identity database.
On March 16, the Foundation for Investigative Journalism disclosed that the website was commercializing the retrieval of NINs and personal information from the Nigerian identification database.
After concerns were raised regarding data protection, regulatory authorities initiated investigations.
The commission’s findings suggest that a third-party entity initially authorized to offer verification services may have granted the website access to NIN verification details without proper consent.
The NDPC is currently investigating the circumstances surrounding the breach.
As part of the response, NIMC has implemented remedial measures, including temporarily halting all access to its database.
Although this action affected legitimate verification requests, limited access has now been restored for specific establishments providing essential public services.
Intensified scrutiny will be applied to data processing activities by licensees, with compliant entities allowed to conduct NIN verification.
NIMC will also organize extensive training sessions to ensure personnel and licensees comply with the requirements outlined in the Nigeria Data Protection Act and NIMC’s Privacy Policy.
The NDPC emphasizes the significance of the NIN for sustainable development and urges the public to recognize this importance.
As efforts to enhance data protection measures continue, citizens are advised to be cautious when sharing personal information online to mitigate potential risks.
Recently, Paradigm Initiative, a civil society organization, called for prompt action from NIMC and the NDPC following the privacy breach.
They stated that the breach violated the National Data Protection Act and citizens’ constitutional right to privacy, urging swift intervention to address this infringement.
Paradigm Initiative emphasized the necessity for NDPC to promptly investigate, holding all parties involved accountable for jeopardizing the security of the National Identity Database.